Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 83fd6b686f808d474baf539958919bc6a32ab983 / . / ssl / ssl_asn1.c
blob: 08eb251c5c518ce4ba37d437b1beb70ec8a890c2 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57/* ====================================================================
58 * Copyright 2005 Nokia. All rights reserved.
59 *
60 * The portions of the attached software ("Contribution") is developed by
61 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
62 * license.
63 *
64 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
65 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
66 * support (see RFC 4279) to OpenSSL.
67 *
68 * No patent licenses or other rights except those expressly stated in
69 * the OpenSSL open source license shall be deemed granted or received
70 * expressly, by implication, estoppel, or otherwise.
71 *
72 * No assurances are provided by Nokia that the Contribution does not
73 * infringe the patent or other intellectual property rights of any third
74 * party or that the license provides you with all the necessary rights
75 * to make use of the Contribution.
76 *
77 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
78 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
79 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
80 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
81 * OTHERWISE. */
82
83#include <assert.h>
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]84#include <limits.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]85#include <stdio.h>
86#include <stdlib.h>
87
88#include <openssl/asn1.h>
89#include <openssl/asn1_mac.h>
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]90#include <openssl/bytestring.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]91#include <openssl/err.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]92#include <openssl/x509.h>
93
94#include "ssl_locl.h"
95
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]96
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]97/* An SSL_SESSION is serialized as the following ASN.1 structure:
98 *
99 * SSLSession ::= SEQUENCE {
100 * version INTEGER (1), -- ignored
101 * sslVersion INTEGER, -- protocol version number
102 * cipher OCTET STRING, -- two bytes long
103 * sessionID OCTET STRING,
104 * masterKey OCTET STRING,
105 * keyArg [0] IMPLICIT OCTET STRING OPTIONAL,
106 * -- ignored: legacy SSLv2-only field.
107 * time [1] INTEGER OPTIONAL, -- seconds since UNIX epoch
108 * timeout [2] INTEGER OPTIONAL, -- in seconds
109 * peer [3] Certificate OPTIONAL,
110 * sessionIDContext [4] OCTET STRING OPTIONAL,
111 * verifyResult [5] INTEGER OPTIONAL, -- one of X509_V_* codes
112 * hostName [6] OCTET STRING OPTIONAL,
113 * -- from server_name extension
114 * pskIdentityHint [7] OCTET STRING OPTIONAL,
115 * pskIdentity [8] OCTET STRING OPTIONAL,
116 * ticketLifetimeHint [9] INTEGER OPTIONAL, -- client-only
117 * ticket [10] OCTET STRING OPTIONAL, -- client-only
118 * peerSHA256 [13] OCTET STRING OPTIONAL,
119 * originalHandshakeHash [14] OCTET STRING OPTIONAL,
120 * signedCertTimestampList [15] OCTET STRING OPTIONAL,
121 * -- contents of SCT extension
122 * ocspResponse [16] OCTET STRING OPTIONAL,
123 * -- stapled OCSP response from the server
124 * }
125 *
126 * Note: When the relevant features were #ifdef'd out, support for
127 * parsing compressionMethod [11] and srpUsername [12] was lost. */
128
129static const int kKeyArgTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
130static const int kTimeTag =
131 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
132static const int kTimeoutTag =
133 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
134static const int kPeerTag =
135 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 3;
136static const int kSessionIDContextTag =
137 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 4;
138static const int kVerifyResultTag =
139 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 5;
140static const int kHostNameTag =
141 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 6;
142static const int kPSKIdentityHintTag =
143 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 7;
144static const int kPSKIdentityTag =
145 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 8;
146static const int kTicketLifetimeHintTag =
147 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 9;
148static const int kTicketTag =
149 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 10;
150static const int kPeerSHA256Tag =
151 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 13;
152static const int kOriginalHandshakeHashTag =
153 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 14;
154static const int kSignedCertTimestampListTag =
155 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 15;
156static const int kOCSPResponseTag =
157 CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 16;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]158
159typedef struct ssl_session_asn1_st
160 {
161 ASN1_INTEGER version;
162 ASN1_INTEGER ssl_version;
163 ASN1_OCTET_STRING cipher;
164 ASN1_OCTET_STRING comp_id;
165 ASN1_OCTET_STRING master_key;
166 ASN1_OCTET_STRING session_id;
167 ASN1_OCTET_STRING session_id_context;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168 ASN1_INTEGER time;
169 ASN1_INTEGER timeout;
170 ASN1_INTEGER verify_result;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]171 ASN1_OCTET_STRING tlsext_hostname;
172 ASN1_INTEGER tlsext_tick_lifetime;
173 ASN1_OCTET_STRING tlsext_tick;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]174 ASN1_OCTET_STRING psk_identity_hint;
175 ASN1_OCTET_STRING psk_identity;
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]176 ASN1_OCTET_STRING peer_sha256;
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]177 ASN1_OCTET_STRING original_handshake_hash;
HÃ¥vard Molland9169c962014-08-14 14:42:37 +0200[diff] [blame]178 ASN1_OCTET_STRING tlsext_signed_cert_timestamp_list;
David Benjamin6c7aed02014-08-27 16:42:38 -0400[diff] [blame]179 ASN1_OCTET_STRING ocsp_response;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]180 } SSL_SESSION_ASN1;
181
182int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
183 {
184#define LSIZE2 (sizeof(long)*2)
David Benjamin6c7aed02014-08-27 16:42:38 -0400[diff] [blame]185 int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v13=0,v14=0,v15=0,v16=0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]186 unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
187 unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]188 int v6=0,v9=0,v10=0;
189 unsigned char ibuf6[LSIZE2];
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]190 long l;
191 SSL_SESSION_ASN1 a;
192 M_ASN1_I2D_vars(in);
193
194 if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
195 return(0);
196
197 /* Note that I cheat in the following 2 assignments. I know
198 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
199 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
200 * This is a bit evil but makes things simple, no dynamic allocation
201 * to clean up :-) */
202 a.version.length=LSIZE2;
203 a.version.type=V_ASN1_INTEGER;
204 a.version.data=ibuf1;
205 ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
206
207 a.ssl_version.length=LSIZE2;
208 a.ssl_version.type=V_ASN1_INTEGER;
209 a.ssl_version.data=ibuf2;
210 ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
211
212 a.cipher.type=V_ASN1_OCTET_STRING;
213 a.cipher.data=buf;
214
215 if (in->cipher == NULL)
216 l=in->cipher_id;
217 else
218 l=in->cipher->id;
219 if (in->ssl_version == SSL2_VERSION)
220 {
221 a.cipher.length=3;
222 buf[0]=((unsigned char)(l>>16L))&0xff;
223 buf[1]=((unsigned char)(l>> 8L))&0xff;
224 buf[2]=((unsigned char)(l ))&0xff;
225 }
226 else
227 {
228 a.cipher.length=2;
229 buf[0]=((unsigned char)(l>>8L))&0xff;
230 buf[1]=((unsigned char)(l ))&0xff;
231 }
232
233
234 a.master_key.length=in->master_key_length;
235 a.master_key.type=V_ASN1_OCTET_STRING;
236 a.master_key.data=in->master_key;
237
238 a.session_id.length=in->session_id_length;
239 a.session_id.type=V_ASN1_OCTET_STRING;
240 a.session_id.data=in->session_id;
241
242 a.session_id_context.length=in->sid_ctx_length;
243 a.session_id_context.type=V_ASN1_OCTET_STRING;
244 a.session_id_context.data=in->sid_ctx;
245
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]246 if (in->time != 0L)
247 {
248 a.time.length=LSIZE2;
249 a.time.type=V_ASN1_INTEGER;
250 a.time.data=ibuf3;
251 ASN1_INTEGER_set(&(a.time),in->time);
252 }
253
254 if (in->timeout != 0L)
255 {
256 a.timeout.length=LSIZE2;
257 a.timeout.type=V_ASN1_INTEGER;
258 a.timeout.data=ibuf4;
259 ASN1_INTEGER_set(&(a.timeout),in->timeout);
260 }
261
262 if (in->verify_result != X509_V_OK)
263 {
264 a.verify_result.length=LSIZE2;
265 a.verify_result.type=V_ASN1_INTEGER;
266 a.verify_result.data=ibuf5;
267 ASN1_INTEGER_set(&a.verify_result,in->verify_result);
268 }
269
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]270 if (in->tlsext_hostname)
271 {
272 a.tlsext_hostname.length=strlen(in->tlsext_hostname);
273 a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
274 a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
275 }
276 if (in->tlsext_tick)
277 {
278 a.tlsext_tick.length= in->tlsext_ticklen;
279 a.tlsext_tick.type=V_ASN1_OCTET_STRING;
280 a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
281 }
282 if (in->tlsext_tick_lifetime_hint > 0)
283 {
284 a.tlsext_tick_lifetime.length=LSIZE2;
285 a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
286 a.tlsext_tick_lifetime.data=ibuf6;
287 ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
288 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]289 if (in->psk_identity_hint)
290 {
291 a.psk_identity_hint.length=strlen(in->psk_identity_hint);
292 a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
293 a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
294 }
295 if (in->psk_identity)
296 {
297 a.psk_identity.length=strlen(in->psk_identity);
298 a.psk_identity.type=V_ASN1_OCTET_STRING;
299 a.psk_identity.data=(unsigned char *)(in->psk_identity);
300 }
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]301
302 if (in->peer_sha256_valid)
303 {
304 a.peer_sha256.length = sizeof(in->peer_sha256);
305 a.peer_sha256.type = V_ASN1_OCTET_STRING;
306 a.peer_sha256.data = in->peer_sha256;
307 }
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]308
309 if (in->original_handshake_hash_len > 0)
310 {
311 a.original_handshake_hash.length = in->original_handshake_hash_len;
312 a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
313 a.original_handshake_hash.data = in->original_handshake_hash;
314 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]315
HÃ¥vard Molland9169c962014-08-14 14:42:37 +0200[diff] [blame]316 if (in->tlsext_signed_cert_timestamp_list_length > 0)
317 {
318 a.tlsext_signed_cert_timestamp_list.length =
319 in->tlsext_signed_cert_timestamp_list_length;
320 a.tlsext_signed_cert_timestamp_list.type = V_ASN1_OCTET_STRING;
321 a.tlsext_signed_cert_timestamp_list.data =
322 in->tlsext_signed_cert_timestamp_list;
323 }
324
David Benjamin6c7aed02014-08-27 16:42:38 -0400[diff] [blame]325 if (in->ocsp_response_length > 0)
326 {
327 a.ocsp_response.length = in->ocsp_response_length;
328 a.ocsp_response.type = V_ASN1_OCTET_STRING;
329 a.ocsp_response.data = in->ocsp_response;
330 }
331
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]332 M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
333 M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
334 M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
335 M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
336 M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]337 if (in->time != 0L)
338 M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
339 if (in->timeout != 0L)
340 M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]341 if (in->peer != NULL && in->peer_sha256_valid == 0)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]342 M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
343 M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
344 if (in->verify_result != X509_V_OK)
345 M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
346
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]347 if (in->tlsext_tick_lifetime_hint > 0)
348 M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
349 if (in->tlsext_tick)
350 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
351 if (in->tlsext_hostname)
352 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]353 if (in->psk_identity_hint)
354 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
355 if (in->psk_identity)
356 M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]357 if (in->peer_sha256_valid)
358 M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]359 if (in->original_handshake_hash_len > 0)
360 M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
HÃ¥vard Molland9169c962014-08-14 14:42:37 +0200[diff] [blame]361 if (in->tlsext_signed_cert_timestamp_list_length > 0)
362 M_ASN1_I2D_len_EXP_opt(&(a.tlsext_signed_cert_timestamp_list),
363 i2d_ASN1_OCTET_STRING, 15, v15);
David Benjamin6c7aed02014-08-27 16:42:38 -0400[diff] [blame]364 if (in->ocsp_response_length > 0)
365 M_ASN1_I2D_len_EXP_opt(&(a.ocsp_response), i2d_ASN1_OCTET_STRING, 16, v16);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]366
367 M_ASN1_I2D_seq_total();
368
369 M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
370 M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
371 M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
372 M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
373 M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]374 if (in->time != 0L)
375 M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
376 if (in->timeout != 0L)
377 M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]378 if (in->peer != NULL && in->peer_sha256_valid == 0)
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]379 M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
380 M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
381 v4);
382 if (in->verify_result != X509_V_OK)
383 M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]384 if (in->tlsext_hostname)
385 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]386 if (in->psk_identity_hint)
387 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
388 if (in->psk_identity)
389 M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]390 if (in->tlsext_tick_lifetime_hint > 0)
391 M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
392 if (in->tlsext_tick)
393 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
Adam Langley75872532014-06-20 12:00:00 -0700[diff] [blame]394 if (in->peer_sha256_valid)
395 M_ASN1_I2D_put_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]396 if (in->original_handshake_hash_len > 0)
397 M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
HÃ¥vard Molland9169c962014-08-14 14:42:37 +0200[diff] [blame]398 if (in->tlsext_signed_cert_timestamp_list_length > 0)
399 M_ASN1_I2D_put_EXP_opt(&(a.tlsext_signed_cert_timestamp_list),
400 i2d_ASN1_OCTET_STRING, 15, v15);
David Benjamin6c7aed02014-08-27 16:42:38 -0400[diff] [blame]401 if (in->ocsp_response > 0)
402 M_ASN1_I2D_put_EXP_opt(&(a.ocsp_response), i2d_ASN1_OCTET_STRING, 16, v16);
Adam Langley1258b6a2014-06-20 12:00:00 -0700[diff] [blame]403
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]404 M_ASN1_I2D_finish();
405 }
406
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]407/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
408 * explicitly tagged with |tag| from |cbs| and saves it in |*out|. On
409 * entry, if |*out| is not NULL, it frees the existing contents. If
410 * the element was not found, it sets |*out| to NULL. It returns one
411 * on success, whether or not the element was found, and zero on
412 * decode error. */
413static int d2i_SSL_SESSION_get_string(CBS *cbs, char **out, unsigned tag) {
414 CBS value;
415 int present;
416 if (!CBS_get_optional_asn1_octet_string(cbs, &value, &present, tag)) {
417 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
418 return 0;
419 }
420 if (present) {
421 if (CBS_contains_zero_byte(&value)) {
422 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
423 return 0;
424 }
425 if (!CBS_strdup(&value, out)) {
426 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
427 return 0;
428 }
429 } else if (*out) {
430 OPENSSL_free(*out);
431 *out = NULL;
432 }
433 return 1;
434}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]435
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]436/* d2i_SSL_SESSION_get_string gets an optional ASN.1 OCTET STRING
437 * explicitly tagged with |tag| from |cbs| and stows it in |*out_ptr|
438 * and |*out_len|. If |*out_ptr| is not NULL, it frees the existing
439 * contents. On entry, if the element was not found, it sets
440 * |*out_ptr| to NULL. It returns one on success, whether or not the
441 * element was found, and zero on decode error. */
442static int d2i_SSL_SESSION_get_octet_string(CBS *cbs, uint8_t **out_ptr,
443 size_t *out_len, unsigned tag) {
444 CBS value;
445 if (!CBS_get_optional_asn1_octet_string(cbs, &value, NULL, tag)) {
446 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
447 return 0;
448 }
449 if (!CBS_stow(&value, out_ptr, out_len)) {
450 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, ERR_R_MALLOC_FAILURE);
451 return 0;
452 }
453 return 1;
454}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]455
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]456SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const uint8_t **pp, long length) {
457 SSL_SESSION *ret = NULL;
458 CBS cbs, session, cipher, session_id, master_key;
459 CBS key_arg, peer, sid_ctx, peer_sha256, original_handshake_hash;
460 int has_key_arg, has_peer, has_peer_sha256;
461 uint64_t version, ssl_version;
462 uint64_t session_time, timeout, verify_result, ticket_lifetime_hint;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]463
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]464 if (a && *a) {
465 ret = *a;
466 } else {
467 ret = SSL_SESSION_new();
468 if (ret == NULL) {
469 goto err;
470 }
471 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]472
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]473 CBS_init(&cbs, *pp, length);
474 if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE) ||
475 !CBS_get_asn1_uint64(&session, &version) ||
476 !CBS_get_asn1_uint64(&session, &ssl_version) ||
477 !CBS_get_asn1(&session, &cipher, CBS_ASN1_OCTETSTRING) ||
478 !CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING) ||
479 !CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING) ||
480 !CBS_get_optional_asn1(&session, &key_arg, &has_key_arg, kKeyArgTag) ||
481 !CBS_get_optional_asn1_uint64(&session, &session_time, kTimeTag,
482 time(NULL)) ||
483 !CBS_get_optional_asn1_uint64(&session, &timeout, kTimeoutTag, 3) ||
484 !CBS_get_optional_asn1(&session, &peer, &has_peer, kPeerTag) ||
485 !CBS_get_optional_asn1_octet_string(&session, &sid_ctx, NULL,
486 kSessionIDContextTag) ||
487 !CBS_get_optional_asn1_uint64(&session, &verify_result, kVerifyResultTag,
488 X509_V_OK)) {
489 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
490 goto err;
491 }
492 if (!d2i_SSL_SESSION_get_string(&session, &ret->tlsext_hostname,
493 kHostNameTag) ||
494 !d2i_SSL_SESSION_get_string(&session, &ret->psk_identity_hint,
495 kPSKIdentityHintTag) ||
496 !d2i_SSL_SESSION_get_string(&session, &ret->psk_identity,
497 kPSKIdentityTag)) {
498 goto err;
499 }
500 if (!CBS_get_optional_asn1_uint64(&session, &ticket_lifetime_hint,
501 kTicketLifetimeHintTag, 0)) {
502 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
503 goto err;
504 }
505 if (!d2i_SSL_SESSION_get_octet_string(&session, &ret->tlsext_tick,
506 &ret->tlsext_ticklen, kTicketTag)) {
507 goto err;
508 }
509 if (!CBS_get_optional_asn1_octet_string(&session, &peer_sha256,
510 &has_peer_sha256, kPeerSHA256Tag) ||
511 !CBS_get_optional_asn1_octet_string(&session, &original_handshake_hash,
512 NULL, kOriginalHandshakeHashTag)) {
513 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
514 goto err;
515 }
516 if (!d2i_SSL_SESSION_get_octet_string(
517 &session, &ret->tlsext_signed_cert_timestamp_list,
518 &ret->tlsext_signed_cert_timestamp_list_length,
519 kSignedCertTimestampListTag) ||
520 !d2i_SSL_SESSION_get_octet_string(
521 &session, &ret->ocsp_response, &ret->ocsp_response_length,
522 kOCSPResponseTag)) {
523 goto err;
524 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]525
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]526 /* Ignore |version|. The structure version number is ignored. */
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]527
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]528 /* Only support SSLv3/TLS and DTLS. */
529 if ((ssl_version >> 8) != SSL3_VERSION_MAJOR &&
530 (ssl_version >> 8) != (DTLS1_VERSION >> 8)) {
531 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
532 goto err;
533 }
534 ret->ssl_version = ssl_version;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]535
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]536 if (CBS_len(&cipher) != 2) {
537 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
538 goto err;
539 }
540 ret->cipher_id =
541 0x03000000L | (CBS_data(&cipher)[0] << 8L) | CBS_data(&cipher)[1];
542 ret->cipher = ssl3_get_cipher_by_value(ret->cipher_id & 0xffff);
543 if (ret->cipher == NULL) {
544 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_UNSUPPORTED_CIPHER);
545 goto err;
546 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]547
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]548 if (CBS_len(&session_id) > SSL3_MAX_SSL_SESSION_ID_LENGTH) {
549 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
550 goto err;
551 }
552 memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
553 ret->session_id_length = CBS_len(&session_id);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]554
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]555 if (CBS_len(&master_key) > SSL_MAX_MASTER_KEY_LENGTH) {
556 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
557 goto err;
558 }
559 memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
560 ret->master_key_length = CBS_len(&master_key);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]561
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]562 if (session_time > LONG_MAX ||
563 timeout > LONG_MAX) {
564 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
565 goto err;
566 }
567 ret->time = session_time;
568 ret->timeout = timeout;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]569
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]570 if (ret->peer != NULL) {
571 X509_free(ret->peer);
572 ret->peer = NULL;
573 }
574 if (has_peer) {
575 const uint8_t *ptr;
576 ptr = CBS_data(&peer);
577 ret->peer = d2i_X509(NULL, &ptr, CBS_len(&peer));
578 if (ret->peer == NULL) {
579 goto err;
580 }
581 if (ptr != CBS_data(&peer) + CBS_len(&peer)) {
582 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
583 goto err;
584 }
585 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]586
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]587 if (CBS_len(&sid_ctx) > sizeof(ret->sid_ctx)) {
588 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
589 goto err;
590 }
591 memcpy(ret->sid_ctx, CBS_data(&sid_ctx), CBS_len(&sid_ctx));
592 ret->sid_ctx_length = CBS_len(&sid_ctx);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]593
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]594 if (verify_result > LONG_MAX ||
595 ticket_lifetime_hint > 0xffffffff) {
596 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
597 goto err;
598 }
599 ret->verify_result = verify_result;
600 ret->tlsext_tick_lifetime_hint = ticket_lifetime_hint;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]601
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]602 if (has_peer_sha256) {
603 if (CBS_len(&peer_sha256) != sizeof(ret->peer_sha256)) {
604 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
605 goto err;
606 }
607 memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256));
608 ret->peer_sha256_valid = 1;
609 } else {
610 ret->peer_sha256_valid = 0;
611 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]612
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]613 if (CBS_len(&original_handshake_hash) >
614 sizeof(ret->original_handshake_hash)) {
615 OPENSSL_PUT_ERROR(SSL, d2i_SSL_SESSION, SSL_R_INVALID_SSL_SESSION);
616 goto err;
617 }
618 memcpy(ret->original_handshake_hash, CBS_data(&original_handshake_hash),
619 CBS_len(&original_handshake_hash));
620 ret->original_handshake_hash_len = CBS_len(&original_handshake_hash);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]621
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]622 if (a) {
623 *a = ret;
624 }
625 *pp = CBS_data(&cbs);
626 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]627
David Benjamin83fd6b62014-10-19 04:33:38 -0400[diff] [blame^]628err:
629 if (a && *a != ret) {
630 SSL_SESSION_free(ret);
631 }
632 return NULL;
633}